Last night I logged into #hackthissite via IRSSI. Shortly after, someone had posted a link to my Facebook profile. My username (Jiffy) does not resemble either my Facebook profile or my name in anyway, how was he/she able to do this? I'm not even familiar with the community yet, so therefor no one (in theory) should know my name.

They told me "not to login from root", which I'm not completely sure what they meant. I didn't elevate my privileges in terminal to use Irssi. I first connected to irc.hackthissite.org (/connect irc.hackthissite.org) and then I joined #hackthissite (/join #hackthissite). Anybody know how this was possible? I was logged into Facebook at the time of joining.

I'm currently looking into IRC Security and a different IRC Client.

Thanks, - Jiffy

PS: I also appreciate whoever made me aware of this and that they only took it as far as making me aware (:

Are you sure that it was someone from HTS? What link did they post on your profile?First thing that comes to my mind, is that if you registered your real name with your IRC client, then people may still be able to see that by running a whois on your nick. Then it's just as simple as searching on Facebook or maybe even Google.

Sorry, I feel I may have been unclear. In the hackthissite IRC channel, someone posted a link to my Facebook profile (not vice versa). Irssi didn't require registration upon usage or installation, it only asked me to enter a nick (/nick <new username>).

My default nickname is "Jeff" in Irssi when I log into any channel. Irssi gets your first name from your account and sets that as default for the channel nickname. However that's too vague for them to find on Facebook. Unless there is a vulnerability in IRSSI allowing someone to view my full name on my OS (Gnu/Linux Fedora) since my actual username is what my Facebook profile is registered to.

I don't think there is a vulnerability out like that. You must've given out some information. Try looking through logs to see what you said. If you gave a website out, or a name, or anything like that.

Jiffy this was the link posted on your profile. This is not a valid profile link, so by default you are redirected to the current logged in profile. Those who clicked on this that were not currently logged in to facebook will simply get an error and be directed to the login screen.

VictoRMicH wrote:I ask if someone could answer some questions I had. They said yes, I try to open up a private session with them over IRC and they tell me that I shouldn't do that because I just gave him my IP...

I had no idea that it did this as I thought if you tried to open a 1 on 1 sessions with someone your IP would still be protected by the server. How can I hide my IP from other users of IRC?

If you are using HTS channels you should be fine as long as you running over SSL (6697, 7000). I believe if you are using the client on site this is done by default and that information is guarded. Also likely being trolled.

"The quieter you become, the more you are able to hear...""Drink all the booze, hack all the things."